Reports in the Office 365 Security & Compliance Center

You can use the Reports page in the Office 365 Security & Compliance Center to quickly access audit reports for your SharePoint Online and Exchange Online organizations. You can also access Azure Active Directory (AD) user sign-in reports, user activity reports, and the Azure AD audit log from the Reports page. This is because your paid Office 365 subscription includes a free subscription to Microsoft Azure. The first time that you try to access these Azure reports, you will have to complete a one-time registration process.

Auditing reports

The following table describes the reports in the Auditing section on the Reports page in the Security & Compliance Center.

Report

Description

Office 365 audit log report

You can search the Office 365 audit log for user and admin activity in your Office 365 organization. The report contains entries user and admin activity in Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory, which is the directory service for Office 365. For more information, see Search the audit log in the Office 365 Security & Compliance Center.

Azure AD reports

To look for unusual or suspicious sign-in activity in your Office 365 organization, you can use sign-in and activity reports in Microsoft Azure. You can also view events in the Azure AD audit log. The first time that you try to access these reports, you will have to complete a one-time registration process to get access to the reports in the Azure AD management portal. For more information, see Register for your free Microsoft Azure subscription. After you register this one and only time, just click View Azure AD reports to view the reports. For more information about viewing and downloading reports in Azure AD, see View your access and usage reports.

Exchange audit reports

You can use the auditing functionality in Office 365 to track changes made to your Exchange Online configuration by your organization’s administrators. Changes made to your Exchange Online organization by a Microsoft data center administrator or by a delegated administrator are also logged. For Exchange Online, administrator audit logging is enabled by default, so you don’t have to do anything to turn it on. Exchange Online also provides mailbox audit logging to let you track access to mailboxes by someone other than the mailbox owner. You have to enable mailbox audit logging for each mailbox that you want to track non-owner access.

For both admin and mailbox audit logging, you can run audit reports to view the audit log entries. You can also export mailbox and admin audit logs, which are sent to you within 24 hours in an XML file that is attached to email message. For more information about exporting audit logs, see:

Data loss prevention reports

Data loss prevention (DLP) reports contain information about the DLP policies and rules that have been applied to content contain sensitive data in your Office 365 organization. You can also configure the report to display information about DLP actions that were based on your DLP policy and rules. For more information, see View the report for data loss prevention.